1 /*
2 * CDDL HEADER START
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
19 * CDDL HEADER END
21 * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
23 #ifndef _KMFAPIP_H
24 #define _KMFAPIP_H
26 #include <kmfapi.h>
27 #include <kmfpolicy.h>
29 #ifdef __cplusplus
30 extern "C" {
31 #endif
/*
 * Plugin function table.
 *
 * A keystore plugin returns one of these from its KMF_Plugin_Initialize()
 * entry point (KMF_PLUGIN_INIT_SYMBOL, declared further down) and the
 * loaded plugin's KMF_PLUGIN.funclist points at it.  Every slot is a
 * function pointer supplied by code loaded at run time and executed in
 * this process, so consumers of the table should treat it defensively:
 * NOTE(review): nothing in this header says whether a slot may be NULL
 * (plugin does not implement the operation) — confirm against the
 * dispatch code in kmfapi before calling through a slot unchecked.
 *
 * Most slots take (KMF_HANDLE_T, int, KMF_ATTRIBUTE *); the int /
 * KMF_ATTRIBUTE * pair presumably is an attribute count and array, the
 * same shape test_attributes() (below) validates — TODO confirm.
 */
typedef struct {
	/* table/ABI version reported by the plugin; how it is checked is not visible here */
	ushort_t version;
	KMF_RETURN (*ConfigureKeystore) (
	    KMF_HANDLE_T,
	    int,
	    KMF_ATTRIBUTE *);

	KMF_RETURN (*FindCert) (
	    KMF_HANDLE_T,
	    int,
	    KMF_ATTRIBUTE *);

	/* releases a certificate handed out by the plugin (no status returned) */
	void (*FreeKMFCert) (
	    KMF_HANDLE_T,
	    KMF_X509_DER_CERT *);

	KMF_RETURN (*StoreCert) (
	    KMF_HANDLE_T,
	    int, KMF_ATTRIBUTE *);

	KMF_RETURN (*ImportCert) (
	    KMF_HANDLE_T,
	    int, KMF_ATTRIBUTE *);

	KMF_RETURN (*ImportCRL) (
	    KMF_HANDLE_T,
	    int, KMF_ATTRIBUTE *);

	KMF_RETURN (*DeleteCert) (
	    KMF_HANDLE_T,
	    int, KMF_ATTRIBUTE *);

	KMF_RETURN (*DeleteCRL) (
	    KMF_HANDLE_T,
	    int, KMF_ATTRIBUTE *);

	KMF_RETURN (*CreateKeypair) (
	    KMF_HANDLE_T,
	    int,
	    KMF_ATTRIBUTE *);

	KMF_RETURN (*FindKey) (
	    KMF_HANDLE_T,
	    int,
	    KMF_ATTRIBUTE *);

	/* key handle in, encoded public key out (KMF_DATA *) — ownership of the buffer not visible here */
	KMF_RETURN (*EncodePubkeyData) (
	    KMF_HANDLE_T,
	    KMF_KEY_HANDLE *,
	    KMF_DATA *);

	/* key, algorithm OID, then two KMF_DATA * — presumably input then signature; TODO confirm order */
	KMF_RETURN (*SignData) (
	    KMF_HANDLE_T,
	    KMF_KEY_HANDLE *,
	    KMF_OID *,
	    KMF_DATA *,
	    KMF_DATA *);

	KMF_RETURN (*DeleteKey) (
	    KMF_HANDLE_T,
	    int,
	    KMF_ATTRIBUTE *);

	KMF_RETURN (*ListCRL) (
	    KMF_HANDLE_T,
	    int, KMF_ATTRIBUTE *);

	KMF_RETURN (*FindCRL) (
	    KMF_HANDLE_T,
	    int, KMF_ATTRIBUTE *);

	KMF_RETURN (*FindCertInCRL) (
	    KMF_HANDLE_T,
	    int, KMF_ATTRIBUTE *);

	/* returns a message via char **; who frees the string is not visible here */
	KMF_RETURN (*GetErrorString) (
	    KMF_HANDLE_T,
	    char **);

	KMF_RETURN (*FindPrikeyByCert) (
	    KMF_HANDLE_T,
	    int,
	    KMF_ATTRIBUTE *);

	/* same parameter shape as SignData: key, OID, then two KMF_DATA * */
	KMF_RETURN (*DecryptData) (
	    KMF_HANDLE_T,
	    KMF_KEY_HANDLE *,
	    KMF_OID *,
	    KMF_DATA *,
	    KMF_DATA *);

	KMF_RETURN (*ExportPK12)(
	    KMF_HANDLE_T,
	    int,
	    KMF_ATTRIBUTE *);

	KMF_RETURN (*CreateSymKey) (
	    KMF_HANDLE_T,
	    int,
	    KMF_ATTRIBUTE *);

	/*
	 * Exports raw symmetric key material into the KMF_RAW_SYM_KEY;
	 * callers should clear that buffer once it is no longer needed.
	 */
	KMF_RETURN (*GetSymKeyValue) (
	    KMF_HANDLE_T,
	    KMF_KEY_HANDLE *,
	    KMF_RAW_SYM_KEY *);

	KMF_RETURN (*SetTokenPin) (
	    KMF_HANDLE_T,
	    int, KMF_ATTRIBUTE *);

	KMF_RETURN (*StoreKey) (
	    KMF_HANDLE_T,
	    int,
	    KMF_ATTRIBUTE *);

	/*
	 * Declared with empty parentheses, i.e. without a prototype: the
	 * compiler cannot check the arguments at call sites.  (void) would
	 * be stricter.
	 */
	void (*Finalize) ();

} KMF_PLUGIN_FUNCLIST;
/*
 * One entry of the attribute-validation tables consumed by
 * test_attributes() (declared below): for attribute `type`, whether a
 * NULL pValue is acceptable and the length bounds the value must satisfy.
 * NOTE(review): whether minlen/maxlen are inclusive and what a value of
 * 0 means are not visible here — confirm in test_attributes().
 */
typedef struct {
	KMF_ATTR_TYPE type;
	boolean_t null_value_ok; /* Is the pValue required */
	uint32_t minlen;	/* smallest acceptable value length */
	uint32_t maxlen;	/* largest acceptable value length */
} KMF_ATTRIBUTE_TESTER;
/*
 * One loaded keystore plugin.
 * dldesc looks like the dynamic-loader handle and funclist is the table
 * the plugin's KMF_Plugin_Initialize() returned — presumably set by the
 * plugin loader; confirm there.  applications and path are plain char *
 * with no length field, so they are expected to be NUL-terminated;
 * ownership (who frees them) is not visible in this header.
 */
typedef struct {
	KMF_KEYSTORE_TYPE type;		/* keystore this plugin serves */
	char *applications;
	char *path;			/* presumably the module's file path */
	void *dldesc;
	KMF_PLUGIN_FUNCLIST *funclist;	/* dispatch table; see KMF_PLUGIN_FUNCLIST */
} KMF_PLUGIN;
/* Singly-linked list of loaded plugins (KMF_HANDLE.plugins). */
typedef struct _KMF_PLUGIN_LIST {
	KMF_PLUGIN *plugin;
	struct _KMF_PLUGIN_LIST *next;	/* NULL terminates the list — TODO confirm */
} KMF_PLUGIN_LIST;
/*
 * Library handle (the object behind the public KMF_HANDLE_T).
 */
typedef struct _kmf_handle {
	/*
	 * session handle opened by kmf_select_token() to talk
	 * to a specific slot in Crypto framework. It is used
	 * by pkcs11 plugin module.
	 */
	CK_SESSION_HANDLE pk11handle;
	KMF_ERROR lasterr;		/* last error; reset by CLEAR_ERROR() */
	KMF_POLICY_RECORD *policy;
	KMF_PLUGIN_LIST *plugins;	/* plugins loaded for this handle */
	KMF_MAPPER_STATE *mapstate;
} KMF_HANDLE;
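/*
 * CLEAR_ERROR(h, rv): reset the per-handle error state before an API call.
 *
 *   h  - a KMF_HANDLE * (may be NULL)
 *   rv - an lvalue of type KMF_RETURN
 *
 * If h is NULL, rv is set to KMF_ERR_BAD_PARAMETER and nothing else is
 * touched; otherwise h->lasterr.errcode and h->lasterr.kstype are zeroed
 * and rv is set to KMF_OK.
 *
 * Wrapped in do { ... } while (0) so that the macro is exactly one
 * statement: the previous bare-brace form made
 * "if (c) CLEAR_ERROR(h, rv); else ..." a syntax error and left a stray
 * ';' after the block.  Existing "CLEAR_ERROR(h, rv);" call sites are
 * unaffected.
 */
#define CLEAR_ERROR(h, rv) do { \
	if ((h) == NULL) { \
		(rv) = KMF_ERR_BAD_PARAMETER; \
	} else { \
		(h)->lasterr.errcode = 0; \
		(h)->lasterr.kstype = 0; \
		(rv) = KMF_OK; \
	} \
} while (0)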
/* Name of the entry point looked up in every plugin module; see KMF_Plugin_Initialize() below. */
#define KMF_PLUGIN_INIT_SYMBOL "KMF_Plugin_Initialize"

/*
 * Directory keystore plugins are loaded from when the build does not
 * supply its own KMF_PLUGIN_PATH.  Only the four ISAs below get a
 * default — there is no #else, so on any other target the macro stays
 * undefined and code that uses it will not compile.  Modules found here
 * hand back function pointers (KMF_PLUGIN_FUNCLIST) that run inside the
 * calling process, so this directory's ownership and permissions are part
 * of the library's trust boundary.
 * NOTE(review): the modulepath= key of kmf.conf (CONF_MODULEPATH below)
 * presumably supplements or overrides this path — confirm in the loader.
 */
#ifndef KMF_PLUGIN_PATH
#if defined(__sparcv9)
#define KMF_PLUGIN_PATH "/lib/crypto/sparcv9/"
#elif defined(__sparc)
#define KMF_PLUGIN_PATH "/lib/crypto/"
#elif defined(__i386)
#define KMF_PLUGIN_PATH "/lib/crypto/"
#elif defined(__amd64)
#define KMF_PLUGIN_PATH "/lib/crypto/amd64/"
#endif
#endif /* !KMF_PLUGIN_PATH */

/*
 * Exported by each plugin under KMF_PLUGIN_INIT_SYMBOL; returns the
 * plugin's function table.  Declared without a prototype (empty
 * parentheses) — (void) would let the compiler reject stray arguments.
 */
KMF_PLUGIN_FUNCLIST *KMF_Plugin_Initialize();
/*
 * Internal helpers shared between the libkmf sources (and, via this
 * private header, the plugins).  Parameter roles are only as far as the
 * types show; where a function takes two KMF_DATA * the usual reading is
 * input then output, but confirm per function before relying on it.
 */
extern KMF_RETURN
VerifyDataWithKey(KMF_HANDLE_T, KMF_DATA *, KMF_ALGORITHM_INDEX,
	KMF_DATA *, KMF_DATA *);

/* maps a KMF algorithm index to a PKCS#11 key type; returns KMF_BOOL (success?) — TODO confirm */
extern KMF_BOOL pkcs_algid_to_keytype(
	KMF_ALGORITHM_INDEX, CK_KEY_TYPE *);

/* the trailing boolean_t is not explained anywhere in this header */
extern KMF_RETURN PKCS_DigestData(KMF_HANDLE_T,
	CK_SESSION_HANDLE, CK_MECHANISM_TYPE,
	KMF_DATA *, KMF_DATA *, boolean_t);

/* note: these two take the private KMF_HANDLE *, not the public KMF_HANDLE_T */
extern KMF_RETURN PKCS_VerifyData(
	KMF_HANDLE *,
	KMF_ALGORITHM_INDEX,
	KMF_X509_SPKI *,
	KMF_DATA *, KMF_DATA *);

extern KMF_RETURN PKCS_EncryptData(
	KMF_HANDLE *,
	KMF_ALGORITHM_INDEX,
	KMF_X509_SPKI *,
	KMF_DATA *,
	KMF_DATA *);

/* looks up the loaded plugin for a keystore type; presumably NULL when none is loaded — confirm */
extern KMF_PLUGIN *FindPlugin(KMF_HANDLE_T, KMF_KEYSTORE_TYPE);

/* NULL handling of either operand is not visible here */
extern KMF_BOOL IsEqualOid(KMF_OID *, KMF_OID *);

extern KMF_RETURN copy_algoid(KMF_X509_ALGORITHM_IDENTIFIER *destid,
	KMF_X509_ALGORITHM_IDENTIFIER *srcid);

/* algorithm index <-> OID; ownership of the returned KMF_OID * is not visible here */
extern KMF_OID *x509_algid_to_algoid(KMF_ALGORITHM_INDEX);
extern KMF_ALGORITHM_INDEX x509_algoid_to_algid(KMF_OID *);

extern KMF_RETURN GetIDFromSPKI(KMF_X509_SPKI *, KMF_DATA *);
/* opens the handle's pk11handle session (see KMF_HANDLE) */
extern KMF_RETURN kmf_select_token(KMF_HANDLE_T, char *, int);
extern KMF_RETURN kmf_set_altname(KMF_X509_EXTENSIONS *,
	KMF_OID *, int, KMF_GENERALNAMECHOICES, char *);
/*
 * Takes a buffer and its length and yields a pointer/length pair.
 * NOTE(review): presumably walks DER-encoded input; the returned length
 * must be bounded by the input length — confirm in the implementation.
 */
extern KMF_RETURN GetSequenceContents(char *, size_t, char **, size_t *);
extern KMF_X509_EXTENSION *FindExtn(KMF_X509_EXTENSIONS *, KMF_OID *);
extern KMF_RETURN add_an_extension(KMF_X509_EXTENSIONS *exts,
	KMF_X509_EXTENSION *newextn);
/* the void * / int pair presumably is a buffer and its length — TODO confirm */
extern KMF_RETURN set_integer(KMF_DATA *, void *, int);
extern void free_keyidlist(KMF_OID *, int);
extern KMF_RETURN copy_data(KMF_DATA *, KMF_DATA *);
/* counterpart of kmf_select_token(): tears down the pk11 session — TODO confirm */
extern void Cleanup_PK11_Session(KMF_HANDLE_T handle);
extern void free_dp_name(KMF_CRL_DIST_POINT *);
extern void free_dp(KMF_CRL_DIST_POINT *);
extern KMF_RETURN set_key_usage_extension(KMF_X509_EXTENSIONS *,
	int, uint32_t);
/* declared without a prototype (empty parentheses); (void) would be stricter */
extern KMF_RETURN init_pk11();
/*
 * Validates an attribute array against two KMF_ATTRIBUTE_TESTER tables:
 * (count, table) x 2, then (count, attributes).
 */
extern KMF_RETURN test_attributes(int, KMF_ATTRIBUTE_TESTER *,
	int, KMF_ATTRIBUTE_TESTER *, int, KMF_ATTRIBUTE *);
/* Indexes into the key parts array for RSA keys */
#define KMF_RSA_MODULUS (0)
#define KMF_RSA_PUBLIC_EXPONENT (1)
#define KMF_RSA_PRIVATE_EXPONENT (2)
#define KMF_RSA_PRIME1 (3)
#define KMF_RSA_PRIME2 (4)
#define KMF_RSA_EXPONENT1 (5)
#define KMF_RSA_EXPONENT2 (6)
#define KMF_RSA_COEFFICIENT (7)

/* Key part counts for RSA keys */
/* public = modulus + public exponent; private = all eight slots above */
#define KMF_NUMBER_RSA_PUBLIC_KEY_PARTS (2)
#define KMF_NUMBER_RSA_PRIVATE_KEY_PARTS (8)

/* Key part counts for DSA keys */
/* NOTE(review): no private-value index is defined below although the private count is 4 — confirm which slot carries it */
#define KMF_NUMBER_DSA_PUBLIC_KEY_PARTS (4)
#define KMF_NUMBER_DSA_PRIVATE_KEY_PARTS (4)

/* Indexes into the key parts array for DSA keys */
#define KMF_DSA_PRIME (0)
#define KMF_DSA_SUB_PRIME (1)
#define KMF_DSA_BASE (2)
#define KMF_DSA_PUBLIC_VALUE (3)

/* Indexes into the key parts array for EC keys */
#define KMF_ECDSA_PARAMS (0)
#define KMF_ECDSA_POINT (1)

/*
 * Evaluates each argument twice, so it is only safe on side-effect-free
 * operands; here it is applied solely to the constants below.  Yields to
 * any earlier definition of max, whatever that one does.
 */
#ifndef max
#define max(a, b) ((a) < (b) ? (b) : (a))
#endif

/* Maximum key parts for all algorithms */
#define KMF_MAX_PUBLIC_KEY_PARTS \
	(max(KMF_NUMBER_RSA_PUBLIC_KEY_PARTS, \
	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS))

#define KMF_MAX_PRIVATE_KEY_PARTS \
	(max(KMF_NUMBER_RSA_PRIVATE_KEY_PARTS, \
	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS))

#define KMF_MAX_KEY_PARTS \
	(max(KMF_MAX_PUBLIC_KEY_PARTS, KMF_MAX_PRIVATE_KEY_PARTS))
/*
 * Signature operation modes.  KMF_ALGMODE_NONE is 0, so a zero-initialized
 * value reads as "no mode".  Which mode each signing path selects is not
 * visible in this header.
 */
typedef enum {
	KMF_ALGMODE_NONE = 0,
	KMF_ALGMODE_CUSTOM,
	KMF_ALGMODE_PUBLIC_KEY,
	KMF_ALGMODE_PRIVATE_KEY,
	KMF_ALGMODE_PKCS1_EMSA_V15	/* PKCS#1 v1.5 EMSA encoding */
} KMF_SIGNATURE_MODE;
#define KMF_CERT_PRINTABLE_LEN 1024
#define SHA1_HASH_LENGTH 20	/* SHA-1 digest size in bytes */

/*
 * Scratch-file templates for OCSP requests/responses.  The trailing
 * XXXXXX is the mkstemp(3C) template form; since /tmp is shared, the
 * files must be created through mkstemp() (exclusive create, owner-only
 * mode), never by filling the template and calling open()/fopen().
 * NOTE(review): confirm that the OCSP code uses mkstemp() and unlinks the
 * files when done.
 */
#define OCSPREQ_TEMPNAME "/tmp/ocsp.reqXXXXXX"
#define OCSPRESP_TEMPNAME "/tmp/ocsp.respXXXXXX"

/*
 * Configuration file and the keys parsed from it (see conf_entry_t and
 * get_entrylist() below).  modulepath= names code that will be loaded into
 * the process, so the file must only be writable by the administrator —
 * its permissions are part of the trust boundary.
 */
#define _PATH_KMF_CONF "/etc/crypto/kmf.conf"
#define CONF_MODULEPATH "modulepath="
#define CONF_OPTION "option="
/*
 * One keystore entry parsed from _PATH_KMF_CONF.  The char * fields carry
 * no length, so they are expected to be NUL-terminated; they are owned by
 * the entry and released by free_entry() — presumably, confirm there.
 */
typedef struct {
	char *keystore;
	char *modulepath;	/* value of the modulepath= key */
	char *option;		/* value of the option= key */
	KMF_KEYSTORE_TYPE kstype;
} conf_entry_t;
/* Singly-linked list of conf_entry_t, built by get_entrylist() and freed by free_entrylist(). */
typedef struct conf_entrylist {
	conf_entry_t *entry;
	struct conf_entrylist *next;	/* NULL terminates the list — TODO confirm */
} conf_entrylist_t;
/* algorithm index -> PKCS#11 key type and two mechanism types; the trailing boolean_t is not explained here */
extern KMF_RETURN get_pk11_data(KMF_ALGORITHM_INDEX,
	CK_KEY_TYPE *, CK_MECHANISM_TYPE *, CK_MECHANISM_TYPE *, boolean_t);
extern KMF_RETURN kmf_create_pk11_session(CK_SESSION_HANDLE *,
	CK_MECHANISM_TYPE, CK_FLAGS);
/*
 * kmf.conf handling.  get_entrylist() presumably parses _PATH_KMF_CONF
 * into a conf_entrylist_t (caller releases with free_entrylist());
 * dup_entry() returns a copy the caller releases with free_entry() —
 * confirm ownership in the implementation.
 */
extern KMF_RETURN get_entrylist(conf_entrylist_t **);
extern void free_entrylist(conf_entrylist_t *);
extern void free_entry(conf_entry_t *);
extern conf_entry_t *dup_entry(conf_entry_t *);
extern boolean_t is_valid_keystore_type(KMF_KEYSTORE_TYPE);
extern KMF_BOOL is_eku_present(KMF_X509EXT_EKU *, KMF_OID *);
/* decodes extended-key-usage data; the input is const, the output struct is filled in */
extern KMF_RETURN parse_eku_data(const KMF_DATA *, KMF_X509EXT_EKU *);
extern KMF_RETURN copy_extension_data(KMF_X509_EXTENSION *,
	KMF_X509_EXTENSION *);
/* ownership of the returned string (caller-freed or static) is not visible here */
extern char *get_mapper_pathname(char *, char *);
354 #ifdef __cplusplus
356 #endif
357 #endif /* _KMFAPIP_H */